=============================================
========= FANTASY TENNIS PACKET SYSTEM ========
============== by AnotherCoder ==============
=============================================
1. ENCRYPTION
2. PACKET STRUCTURE
Code:
[COLOR="Navy"]for(int i = 0; i < packet_size; i++)
{
decrypted_packet[i] = encrypted_packet[i] ^ XOR_Table[(i&3)];
}
1. ENCRYPTION
The packet encryption of Fantasy Tennis is very simple, it is just a normal XOR encryption.
If you do not know what a XOR encryption is, or how to use it in your programming language,
look it up.
Here are some nice explanations:
Exclusive or - Wikipedia, the free encyclopediaBitwise operation - Wikipedia, the free encyclopedia
I will not go any further into explaining what XOR is because most programmers have already used it,
and if you do not know what it is then I am sure that you will not understand anything of this thread anyway.
Okay so let us continue.
Fantasy Tennis uses a 4-byte XOR-table to encrypt their packets here is an example of how it works:
So let us say this is our encrypted packet buffer:
{c6 89 7c 39 d3 9d 78}
and this is our XOR-table:
{a3, f1, 1d, 54}
then you have to decrypt the buffer like this:
c6 XOR a3 = 65
89 XOR f1 = 78
7c XOR 1d = 61
39 XOR 54 = 6d
d3 XOR a3 = 70
9d XOR f1 = 6c
78 XOR 1d = 65
the decrypted packet would be:
HEX: {65 78 61 6d 70 6c 65}
ASCII: example
packet[0] XOR table[0], packet[1] XOR table[1], packet[2] XOR table[2],
packet[3] XOR table[3], packet[4] XOR table[0], packet[5] XOR table[1] ...
I hope you get what I mean you use the first byte of the table to decrypt the first byte of the packet, then the second byte of the table to decrypt the second byte of the packet...and the fourth byte of the table to decrypt the fourth byte of the packet AND THEN the first byte of the table again, to decrypt the fifth byte of the packet and so on.
a C/C++ implementation would be:
that is all? Yes this is enough to decrypt the packets.
So you might be wondering, uhh? Where do I get the XOR-table from? Well good question.
Once you connect to a Fantasy Tennis server, regardless of whether it is a login or a gameserver, the server sends you an unencrypted packet which contains the XOR-tables. Tables? Yes 1 table for send and 1 table for recv
I will give you an example, so well give me a few seconds to start FantasyTennis...
Ok this is the packet that I received:
That is all you can now decrypt and encrypt the packets from send / recv and should be able to unterstand their structure.
You cannot edit or send your own packets yet because header1 and header2 differ between each packet and has to be built by yourself.
I will show you how to do that if this thread attracts enough skilled programmers who know what they do
and do not forget to press the thanks button
[/COLOR]
Also, I believe that the first 4 bytes sent in any packet are actually the time(timeGetTime). I'll do some research and update.
No it's not
They build the first 2 bytes and the next 2 bytes in 2 different ways, they use a table and the data of the packet to build the bytes that is why they add the first 4 bytes at the end when the packet data is already written into the buffer.
No it's not
They build the first 2 bytes and the next 2 bytes in 2 different ways, they use a table and the data of the packet to build the bytes that is why they add the first 4 bytes at the end when the packet data is already written into the buffer.
Well, you know better than I do, so you might be right...
Thank you^^ I think I understand now.. But one question: How can I see these packets?
Ich weiß nicht was du für Vorkenntnisse hasst, jedoch muss du Send und WSASend hooken und den buffer auslesen.
Bei Recv und WSARecv musst du die Funktion ersst durchlaufen lassen und dann den Buffer auslesen.
Achtung bei Recv und WSARecv ist der Return wert der funktion die length.
Might you people please use English for this thread only? At least this one...it is one I really understand...and it's really useful. I already managed to get to sniffing game server's ips and ports and the auth server(port 5894) sends them in the packet 4112.
Right now, I'm going to write a C# project to cover what I know so far.
I also found out that, every single server uses the exact same encryption.
**
I'd really be very thankful if Lazeboy or ZeroTen would pm me with their msns.
** EDIT
I do it as a proxy as, I can edit the auth server's ip so I make the client connect to my IP, I can then modify whatever comes and goes. When it comes to the part of the game server ports and ips, I modify the packet and set there my IP everywhere, keep the good ips, start listening on the ports I gave to the client, and whenever the client connects to a certain port, I know which ip is the good one to connect to the right game server. BTW, I've know a bug...and it's really awesome!
[Request] Packet Structure for CharData Packet 05/16/2011 - Silkroad Online - 4 Replies can someone tell me which structure the CharData packet has? i would really appreciate this, since im still noob in such things. its just too high for me/ too much information for my head. :handsdown:
S->C(3013)...
How can I check the packet structure? 08/02/2009 - Kal Online - 2 Replies Hey,
We have this packet header database:
SEND:
0x00____________ Restore Char
0x01____________ AntiCp
0x02____________ Login
0x03____________ HackShield + engine.exe CRC check
0x04____________ CreateChar
packet structure 03/09/2008 - Conquer Online 2 - 16 Replies For what I'd like to do, I think packets are the place to start. After that, probably java then C and VB. This is a question for the people here who are self-taught... what resources would you recommend for...
1. understanding packet structure
2. learning some programming language without enrolling at the local university
I'm mainly interested in packet structure and how to capture/decipher/edit/send them, and eventually I'd like to "automate" these functions by writing some programs. ...